Chapter 5: Practice Labs – Managing Azure Identities and Governance

The best way to become efficient with Azure is to get hands-on experience to test your skill set. This chapter will test the skills you acquired in the first four chapters. The labs in this chapter are referencing the official Microsoft Learning labs on GitHub.

In brief, the following lab sections are required to be completed:

• Managing Azure Active Directory identities
• Managing subscriptions and RBAC
• Managing governance via Azure Policy

Technical requirements

To follow this chapter hands-on, you will need access to an Azure Active Directory (AD) tenant as a global administrator. If you do not have access to one, students can enroll with a free account: https://azure.microsoft.com/en-in/free/.

An Azure subscription is also required; you can either register with your own credit card or enroll for the free $200 one-off credit by using the following link: https://azure.microsoft.com/en-us/free/.

An Azure AD Premium P1 license is also required for some of the sections; luckily, there is also a free trial for one month: https://azure.microsoft.com/en-us/trial/get-started-active-directory/.

Important Note

Even though the labs are in GitHub, no GitHub account is required to access the labs.

Managing Azure AD objects

The following is the link to the official Microsoft Learning GitHub labs, which will guide you through each task step by step for managing Azure AD objects:

https://microsoftlearning.github.io/AZ-104-MicrosoftAzureAdministrator/Instructions/Labs/LAB_01-Manage_Azure_AD_Identities.html

Lab scenario one

You are the administrator of an organization and have been instructed to provision users and groups within Azure AD.

This lab scenario consists of four different lab tasks with an estimated time of 30 minutes to complete, and are as follows:

1. Task one: Create and configure Azure AD users.
2. Task two: Create Azure AD groups with assigned and dynamic memberships.
3. Task three: Create an Azure AD tenant.
4. Task four: Manage Azure AD guest users.

After you have completed the labs, you can remove the resources created.

Note

It is best practice to remove unused resources to ensure that there are no unexpected costs, even though the resources created in this lab do not incur additional costs.

Now that we have practically learned how to create users and groups within Azure AD, let's next have a look at how to implement Role-Based Access Control (RBAC).

Managing RBAC

The following is the link to the official Microsoft Learning GitHub labs, which will guide you through each task step by step for managing RBAC:

https://microsoftlearning.github.io/AZ-104-MicrosoftAzureAdministrator/Instructions/Labs/LAB_02a_Manage_Subscriptions_and_RBAC.html

Lab scenario two

You are the administrator of an organization and have been instructed to improve the management of Azure resources; you need to implement the following:

• Creating a management group that includes all Azure subscriptions
• Granting permissions to submit support requests for all subscriptions in the management group to a specific Azure AD user

This lab scenario consists of three different lab tasks with an estimated time of 30 minutes to complete:

1. Task one: Implement management groups.
2. Task two: Create custom RBAC roles.
3. Task three: Assign RBAC roles.

After you have completed the labs, you can remove the resources created.

Important Note

It is best practice to remove unused resources to ensure that there are no unexpected costs, even though resources created in this lab do not incur additional costs.

Now that we have practically learned how to create a custom RBAC role and assign the role, let's have a look next at how to configure resource tags.

The following is the link to the official Microsoft Learning GitHub labs, which will guide you through each task step by step for managing subscriptions and governance:

https://microsoftlearning.github.io/AZ-104-MicrosoftAzureAdministrator/Instructions/Labs/LAB_02b-Manage_Governance_via_Azure_Policy.html

Lab scenario three

You are the administrator of an organization and have been instructed to improve the management of Azure resources; you need to implement the following:

• The tagging of resource groups for infrastructure resources
• Ensuring that only tagged resources can be added to infrastructure resource groups
• Remediating any non-compliant resources

This lab scenario consists of three different lab tasks with an estimated time of 30 minutes to complete:

1. Task one: Create and assign tags via the Azure portal.
2. Task two: Enforce tagging via Azure Policy.
3. Task three: Apply tagging via Azure Policy.

After you have completed the labs, you can remove the resources created.

Note

It is best practice to remove unused resources to ensure that there are no unexpected costs, even though the resources created in this lab do not incur additional costs.

After completing the preceding tasks, you have learned hands-on how to assign and even enforce resource tags within the Azure portal.

Summary

In this chapter, we had a look at scenario-based labs, which tested our skills in the following areas: creating users and groups, implementing management groups, creating and assigning custom RBAC roles, creating and assigning tags to resources, and enforcing tags on resources via Azure Policy.

In the next section, we'll cover implementing and managing storage in Azure after looking at how to configure network access to storage accounts.